Overview

overview

7

Static

static

3

8817a856cc...18.exe

windows7-x64

7

8817a856cc...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    140s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    10-08-2024 23:25

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    8817a856cc1c2f87296ba8b5f6080216_JaffaCakes118.exe

  • Size

    14KB

  • MD5

    8817a856cc1c2f87296ba8b5f6080216

  • SHA1

    53cffef79b74a23bbf820a7b9e4ae726dd576859

  • SHA256

    05d12e622222d17ce95c225f55caf4891736ccc31b78fd5df11fe2f0a7dc47da

  • SHA512

    e92220590956f0c0606aa2f4445140e524064105837d9cc908022633956d297797f040e3c48e8165c79b7a9be51df99d4c0f2567e2926d72c557722693f86fba

  • SSDEEP

    384:hdtXWiJCQxsEwvK3RpSSHuGQG2Rqm4YhY7Zd:hDXWipuE+K3/SSHgxm7Zd

Score
7/10
discovery

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 6 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 6 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 7 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious use of WriteProcessMemory 18 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\8817a856cc1c2f87296ba8b5f6080216_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\8817a856cc1c2f87296ba8b5f6080216_JaffaCakes118.exe"
    1⤵
    • Checks computer location settings
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:2332
    • C:\Users\Admin\AppData\Local\Temp\DEM5BA8.exe
      "C:\Users\Admin\AppData\Local\Temp\DEM5BA8.exe"
      2⤵
      • Checks computer location settings
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:3608
      • C:\Users\Admin\AppData\Local\Temp\DEMB32E.exe
        "C:\Users\Admin\AppData\Local\Temp\DEMB32E.exe"
        3⤵
        • Checks computer location settings
        • Executes dropped EXE
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:3620
        • C:\Users\Admin\AppData\Local\Temp\DEM9BA.exe
          "C:\Users\Admin\AppData\Local\Temp\DEM9BA.exe"
          4⤵
          • Checks computer location settings
          • Executes dropped EXE
          • System Location Discovery: System Language Discovery
          • Suspicious use of WriteProcessMemory
          PID:2780
          • C:\Users\Admin\AppData\Local\Temp\DEM5FE9.exe
            "C:\Users\Admin\AppData\Local\Temp\DEM5FE9.exe"
            5⤵
            • Checks computer location settings
            • Executes dropped EXE
            • System Location Discovery: System Language Discovery
            • Suspicious use of WriteProcessMemory
            PID:5116
            • C:\Users\Admin\AppData\Local\Temp\DEMB6C3.exe
              "C:\Users\Admin\AppData\Local\Temp\DEMB6C3.exe"
              6⤵
              • Checks computer location settings
              • Executes dropped EXE
              • System Location Discovery: System Language Discovery
              • Suspicious use of WriteProcessMemory
              PID:4720
              • C:\Users\Admin\AppData\Local\Temp\DEMD40.exe
                "C:\Users\Admin\AppData\Local\Temp\DEMD40.exe"
                7⤵
                • Executes dropped EXE
                • System Location Discovery: System Language Discovery
                PID:3752
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=4216,i,16316361669272684588,6171287487746154806,262144 --variations-seed-version --mojo-platform-channel-handle=4076 /prefetch:8
    1⤵
      PID:1728

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Temp\DEM5BA8.exe
      Filesize

      14KB

      MD5

      7a2c3ce2a1a17d25603a95e0cd21be08

      SHA1

      75a981f5f347e8eb6ff3ed68f790d6af8b192ef7

      SHA256

      daa4fe66ef235f6a8097ccea42905fb6df935c0ae68fc229bf6bd8faf7e1f79e

      SHA512

      a25e26d01488732532c95dc8fa30faee17c13e59005a644d5578676ea427a769c419a9c149029bfa28543b923c37f18ced6fd7138baeed72ee34f52ad097a2f0

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\DEM5FE9.exe
      Filesize

      14KB

      MD5

      d099668017a8ac18df44af363bf0e177

      SHA1

      bbadefc889ecdba60d34c35081221476a6803e3e

      SHA256

      5416cd861a2dfdf44abc421fc06266b764462085f67269846f046eb2f96158c5

      SHA512

      975540b7b4f9c2244e1d42e40e0f90c2b2decec9b9d3ddbfbc68aa1acb2350da7ee4236da4222d9187055afc37fb70d35502e5bceaaf1696ca37db6371a478a6

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\DEM9BA.exe
      Filesize

      14KB

      MD5

      9697814a8c4709a21ee8ae143c04a291

      SHA1

      fb4a02b7abbcf322cfb148f8cb06a138e1795b72

      SHA256

      614f5aff17beff94b052733d538bc211389c28027b2e99c0704a86d88e778fce

      SHA512

      7fddabe51548140c2ad9c70c52a25077e5e51a023cf636cf18aff3f5968d421975bee186a31c46a53df0ec1ba6bd83552303c23cb2de04d07c4ed792664e19e6

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\DEMB32E.exe
      Filesize

      14KB

      MD5

      4f6e8b4f5820d967ab2ef107d6996e32

      SHA1

      4cc8382259f36c9c38930d01526a5c67d9e56aba

      SHA256

      14afdd79012c530cab5fb564af8626f8d2ef00becff6c840e4727d0c7cce6612

      SHA512

      3c4fbb3188c1b6c175121f55b35d1eb0233a216e2a1dc2c7534df3c9a67a30b394e038c6d1c291e8bc68931ac8b72f3ecef48b6784cad99cbc993791633a2b9e

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\DEMB6C3.exe
      Filesize

      14KB

      MD5

      594df4b1acc82a421cce1c6476fdc6d5

      SHA1

      118e1d94b300f45af7fbd52dbf8f6a2a587a2aeb

      SHA256

      bfe920bfe79ea0aae861a720e206de89ae5d40bb2dfa00a1e95b98541ac7f80e

      SHA512

      88bc24af5fa0c00bd6e6da8c1721341211d4f5dcffc939eceea1ebe04645c52532f4ca159bffa8250286ab15cdfadcf07fc56bd22597f15d9d56f692fbcaeace

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\DEMD40.exe
      Filesize

      15KB

      MD5

      9009e983f8a71388d1f90ded5727513a

      SHA1

      8b3adb376c0683b7517c609c4d47f4cb653f1b36

      SHA256

      f863ebcda5f2fafbb3a077c29d3f228749f6179b10e6b3c0ea15dad87fd232c6

      SHA512

      859ae6c59732ec4e97c94e672701372e67c8f05c561220dfe217cad52b396223c0073e7a9a08ae0116592d189b16398c34e32d016b1d2347255d9c856e5c1e52

      Download Submit